HTTP status code 302

Question

Im working on my Rails Backend in Ruby and i want to post Data to this server. But if i do a Post-request with PAW i get redirected. Im a newbie to Http Requests. Could someone explain me the functionality and how to use http post requests?

i want to post information on my server's datanase (sqlite3).

Here's a screenshot which should explain everything:

how does this work? please explain :) thanks. greetings John

and here's the code:

OwnersController:

#app/controllers/owners_controller.rb
class OwnersController < SessionsController
     respond_to :html
     before_action :owner_find, only: [:show, :edit, :update, :destroy]

     def index
        @owners = Owner.all
     end

     def show
     end  

    def update
       @owner = Owner.find(params[:id])

       if @owner.update(owner_params)
          redirect_to @owner
       else
          render 'edit'
       end
    end

    def new
       @owner = Owner.new
    end

    def destroy 
       @owner.destroy
       redirect_to owners_path
    end

    def edit
    end

    def create
        @owner = Owner.new owner_params
        if @owner.save!
           flash[:notice] = 'You signed up successfully'
           flash[:color]= 'valid'
           redirect_to owners_path
        else
           flash[:notice] = 'Form is invalid'
           flash[:color]= 'invalid'
          render 'new'
        end
    end

  private 

  def owner_find 
     @owner = Owner.find(params[:id])
  end  

  def owner_params
     params.require(:owner).permit(:name, :password, :password_confirmation, :token)
  end
end

SessionController:

class SessionsController < ApplicationController
  before_filter :authenticate_user, :except => [:login, :login_attempt]

  def login
    #goes to Login Form
  end

  def logout
    session[:owner_id] = nil
    redirect_to :action => 'login'
  end

  def login_attempt
    authorized_user = Owner.authenticate_by_name(params[:login_name],params[:login_password])
    if authorized_user
      session[:owner_id] = authorized_user.id
      flash[:notice] = "Wow Welcome again, you logged in as #{authorized_user.name}"
      redirect_to welcome_index_path
    else
      flash[:notice] = 'Invalid Username or Password'
      flash[:color]= 'invalid'
      render 'login'
    end
  end
end

Console Logs:

from web-request (http://192.168.2.144:3000/owners?name=hans&password=hans321&password_confirmation=hans321)

Started GET "/owners?name=hans&password=[FILTERED]&password_confirmation=[FILTERED]" for 192.168.2.144 at 2015-10-01 12:12:18 +0200 Cannot render console from 192.168.2.144! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by OwnersController#index as HTML Parameters: {"name"=>"hans", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"} Owner Load (0.1ms) SELECT "owners".* FROM "owners" WHERE "owners"."id" = ? LIMIT 1 [["id", 2]] Owner Load (0.1ms) SELECT "owners".* FROM "owners" Rendered owners/index.html.erb within layouts/application (1.8ms) Completed 200 OK in 60ms (Views: 58.9ms | ActiveRecord: 0.2ms)

It's telling 200 ok but nothing happens in the DB.

from Paw-Request (so i can use post. btw. how do i use post in browser request?

Started POST "/owners?name=hans&password=[FILTERED]&password_confirmation=[FILTERED]" for 192.168.2.144 at 2015-10-01 12:12:45 +0200 Cannot render console from 192.168.2.144! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by OwnersController#create as HTML Parameters: {"name"=>"hans", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"} Can't verify CSRF token authenticity Redirected to http://192.168.2.144:3000/ Filter chain halted as :authenticate_user rendered or redirected Completed 302 Found in 1ms (ActiveRecord: 0.0ms)

It seems that the CRSF authentication failed..

---

Edit:

at first: to Rich Peck! This helped me so much. Thank you!! I really appreciate your effort.

Im near to the solution.. My problem is: i cant put the correct params in the url. The token-auth is disabled for testing. so it wont matter.

the params should be like: Parameters: {"utf8"=>"✓", "authenticity_token"=>"q9JvFhoSUgfydFTvh18JHbIIdKNDjnOS9m/trVBu9EHPP04xGsO69zPh1BFZBI1Ev1YcnOTiPmaAiPWOSkm5Xg==", "owner"=>{"name"=>"Hubert", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create Owner"}

and not as in my request: Parameters: {"name"=>"Hubert", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "owner"=>{}}

Answer 1

HTTP Status Codes

Firstly, a 30x response means "Resource Moved".

301 responses are used by many SEO people to denote permanent relocation of resources. 302 not so common, but still means a similar thing.

Every time you send & receive HTTP requests, you're going to receive a status code. The typical is the 200 response -- status success!

---

What you're seeing is the redirect_to command in action -

if @owner.save!
   flash[:notice] = ...
   redirect_to owners_path

I've never used PAW before, but I assume it's just giving you the pure response of the server, which would in this case be a 30x "Resource Moved" code.

I would expect a typical browser request to load the redirected route and display its yield on the screen.

---

Server

As a way to test this, you should attempt the same transaction in your browser:

lvh.me:3000/orders

(lvh.me is a domain routed to your own localhost which helps with subdomains in Rails)

This will give you the ability to test and see what happens with the responses. You *should * find that your data has been saved to the database (albeit SQLite3 in your case).

---

Syntax

Finally, you need to ensure you're using the correct syntax in your code.

Specifically:

#app/controllers/owners_controller.rb
class OwnersController < ApplicationController
   ...
   def create
      @owner = Owner.new owner_params
   end

   private

   def owner_params
      params.require(:owner).permit(:name, :password, :password_confirmation)
   end
end

You'll also want to look at bcrypt-ruby for protecting your passwords.

---

Testing

I tend to just test my Rails apps with standard browser functionality.

This means you can run the Rails Server ($ rails s in your console), which you'll then be able to then access through your browser.

You're trying to use this PAW thing, which is okay, but doesn't give you much flexibility in regard to the user-interactivity of the app (for example, submitting real forms etc)...

In your case, I'd do the following:

#app/views/orders/new.html.erb
<%= form_for @order do |f| %>
   <%= f.text_field :name %>
   <%= f.password_field :password %>
   <%= f.password_field :password_confirmation %>
   <%= f.submit %>
<% end %>

You'd then access lvh.me:3000/orders/new and submit the form. This will show you how it responds!

---

HTTP

Okay here's the deal with HTTP requests...

Whenever you send a piece of transactional data to your web application, you do it through an HTTP request. HTTP requests are just a way to send data through the "Internet".

With Rails based apps, this means that every time you "do" something in the app, you're really sending an HTTP request to your web server. Rails interprets this request and sends a response. This response is what your question is about.

You're asking about receiving 302 responses - this is the web server's way of saying you've been redirected. It's pretty basic stuff to be honest; your browser handles most of it.

A great tutorial can be found here:

---

Alright then your error is as follows:

Can't verify CSRF token authenticity

I can elaborate more on this later, but for now, you might want to look up this solution: WARNING: Can't verify CSRF token authenticity in case of API development